Tough new EU cyber rules require banks to ramp up security — but many aren't ready
Tough new EU regulations requiring banks to bolster their cybersecurity systems officially came into effect Friday — but many firms aren't in compliance.
Tough new European Union regulations requiring banks to bolster their cybersecurity systems officially come into effect Friday — but many of the bloc's financial services firms aren't yet in full compliance with the rules.
The EU's Digital Operational Resilience Act, or DORA, requires both financial services firms and their technology suppliers to strengthen their IT systems to ensure the industry is resilient in the event of a cyberattack or any other forms of disruption. It entered into effect on Jan. 17.
The penalties for breaches of the new legislation can be substantial. Financial services firms that fall foul of the new rules can face fines of up to 2% of annual global revenue. Individual managers could also be held liable for breaches and face sanctions of as much as 1 million euros ($1 million).
So far, the rate of compliance among financial services firms with the new rules has been mixed, according to Harvey Jang, chief privacy officer and deputy general counsel at IT giant Cisco.
"I think we've seen a mixed bag," Jang told CNBC in an interview. "Of course, the more mature-stage companies are further along looking at this for at least a year — if not longer."